Lucene search

VulDBCVE-2022-4364

HistoryDec 08, 2022 - 3:15 p.m.

CVE-2022-4364

2022-12-0815:15:10

CWE-707

CWE-78

VulDB

web.nvd.nist.gov

cve-2022-4364

teledyne flir ax8

critical vulnerability

command injection

web service handler

palette.php

remote attack

vdb-215118

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Vulners

Node

flirflir_ax8_firmwareRange1.46.0–1.46.16

AND

flirflir_ax8Match-

VendorProductVersionCPE
flirflir_ax8_firmware*cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
flirflir_ax8-cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flir	flir_ax8_firmware	*	cpe:2.3:o:flir:flir_ax8_firmware::::::::
flir	flir_ax8	-	cpe:2.3:h:flir:flir_ax8:-:::::::*

CNA Affected

[
  {
    "vendor": "Teledyne FLIR",
    "product": "AX8",
    "versions": [
      {
        "version": "1.46.0",
        "status": "affected"
      },
      {
        "version": "1.46.1",
        "status": "affected"
      },
      {
        "version": "1.46.2",
        "status": "affected"
      },
      {
        "version": "1.46.3",
        "status": "affected"
      },
      {
        "version": "1.46.4",
        "status": "affected"
      },
      {
        "version": "1.46.5",
        "status": "affected"
      },
      {
        "version": "1.46.6",
        "status": "affected"
      },
      {
        "version": "1.46.7",
        "status": "affected"
      },
      {
        "version": "1.46.8",
        "status": "affected"
      },
      {
        "version": "1.46.9",
        "status": "affected"
      },
      {
        "version": "1.46.10",
        "status": "affected"
      },
      {
        "version": "1.46.11",
        "status": "affected"
      },
      {
        "version": "1.46.12",
        "status": "affected"
      },
      {
        "version": "1.46.13",
        "status": "affected"
      },
      {
        "version": "1.46.14",
        "status": "affected"
      },
      {
        "version": "1.46.15",
        "status": "affected"
      },
      {
        "version": "1.46.16",
        "status": "affected"
      }
    ]
  }
]

References

github.com/siriuswhiter/VulnHub/blob/main/Flir/02-FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E1.md

vuldb.com/?id.215118

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Related for CVE-2022-4364